package com.pansky.crm.config.shiro;

import com.pansky.crm.filter.ClientShiroFilter;
import com.pansky.crm.util.Base64;
import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    @Bean
    public Realm userRealm() {
        return new UserRealm();
    }
    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
//        manager.setSessionManager();
        manager.setRealm(userRealm());
//        manager.setRememberMeManager(new );
        return manager;
    }
    @Bean
    public RememberMeManager rememberMeManager() {
        CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
        //注入自定义cookie(主要是设置寿命, 默认的一年太长)
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
        simpleCookie.setHttpOnly(true);
        //设置RememberMe的cookie有效期为7天
        simpleCookie.setMaxAge(604800);
        rememberMeManager.setCookie(simpleCookie);
        //手动设置对称加密秘钥，防止重启系统后系统生成新的随机秘钥，防止导致客户端cookie无效
        rememberMeManager.setCipherKey(Base64.decode("6ZmI6I2j3Y+R1aSn5BOlAA=="));

        return rememberMeManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean() {
        ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean();
        filter.setSecurityManager(securityManager());

        //加入自定义的filter
        Map<String, Filter> filterMap = filter.getFilters();
        filterMap.put("client", new ClientShiroFilter());
        filter.setFilters(filterMap);

        //定义相关路径
        filter.setLoginUrl("/login");
        //未授权跳转页面
        filter.setUnauthorizedUrl("/noAuthorize");

        //定义拦截路径,记得将静态资源也排除过滤
        /*进行权限的控制,必须使用LinkHashMap,shrio要按照顺序进行设置*/
        Map<String, String> authMap = new LinkedHashMap<>();
        authMap.put("/upload/image/**", "anon");
        authMap.put("/session/**", "anon");
        authMap.put("/employee/updatePwd", "anon");
        authMap.put("/webSocket/**", "anon");
        authMap.put("/notice/**", "anon");
        authMap.put("/file/**", "anon");
        authMap.put("/image/list", "anon");
        authMap.put("/**", "client");
        filter.setFilterChainDefinitionMap(authMap);

        //配置完成
        System.out.println("---------------shirofactory创建成功");
        return filter;
    }

    @Bean(name = "clientShiroFilter")
    public ClientShiroFilter clientShiroFilterBean() {
        return new ClientShiroFilter();
    }

    @Bean
    public FilterRegistrationBean myLoginRegistrationBean() {
        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
        filterRegistration.setFilter(clientShiroFilterBean());
        //  该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理
        filterRegistration.addInitParameter("targetFilterLifecycle", "true");
        filterRegistration.setAsyncSupported(true);
        filterRegistration.setEnabled(true);
        filterRegistration.setDispatcherTypes(DispatcherType.REQUEST);
        //   filterRegistration.addUrlPatterns("/*");// 可以自己灵活的定义很多，避免一些根本不需要被Shiro处理的请求被包含进来
        //    filterRegistration.setName("MyLoginFilter");
        //   filterRegistration.setOrder(1);
        return filterRegistration;
    }

}

